SRF → NICE Framework Mapping — AI Shared Responsibility

Why this alignment works

The SRF is a security accountability substrate — useful input to frameworks that share its structure.

The SRF's core claim is precise: one accountable party per component, across five layers of the AI stack. That precision is what makes it a reliable source for other frameworks to draw from. NICE defines a Work Role as an "area of responsibility" composed of Tasks, Knowledge, and Skills — a structure that happens to align well with how the SRF decomposes accountability across the AI stack. The SRF therefore provides useful raw material for NICE's AI work-role effort, without extending into workforce territory itself.

How to read this mapping. This is an informing relationship, not an extension. The SRF stays in its lane — security accountability across the AI stack — and that focus is precisely what makes it a credible input to other frameworks. The material below is a contribution input, a strawman to give NICE's community-review process a running start. NICE owns and drives authoritative Task, Knowledge, and Skill (TKS) statements through its established process. Four points govern interpretation: (1) SRF responsibilities map most cleanly to candidate Tasks, not whole Work Roles; (2) SRF personas are organizational/contractual parties, not human job roles — they scope and cluster candidate roles but are never transcribed one-to-one; (3) specific responsibilities below are illustrative and should be reconciled against the SRF v1.0 text; (4) scope is Security of AI — the SRF does not materially cover Security through AI, which needs separate inputs.

Part A — Crosswalk

SRF responsibilities → candidate NICE Tasks

Grouped by SRF layer and persona. Task statements are phrased in NICE style — action verb + object + context — for direct reuse by NICE authors.

AI Business & Usage layer

SRF Persona	SRF Responsibility	Candidate NICE Task
AI System Governance	Map accountability and maintain a risk register	Maintain an accountability mapping and risk register for AI systems, with assigned owners and timelines
AI System Governance	Set acceptable risk and authorize autonomy	Define acceptable-risk thresholds and authorize AI system autonomy levels based on system importance
AI System Governance	Coordinate AI incident response	Coordinate cross-layer AI security incident response and post-incident review
AI System Governance	Define and collect assurance evidence	Define and collect evidence demonstrating AI security control effectiveness across the lifecycle
AI System Governance	Assure vendors and contracts	Evaluate AI vendor security posture and establish contractual security, evidence, and accountability requirements
AI System Users	Use AI appropriately and report issues	Recognize AI system limitations and report anomalous or unsafe AI behavior through established channels

AI Information layer

SRF Persona	SRF Responsibility	Candidate NICE Task
Data Provider	Track data provenance and lineage	Establish and maintain provenance and lineage tracking for training, fine-tuning, and retrieval data
Data Provider	Defend against data poisoning	Assess and mitigate data poisoning and integrity risks across AI data pipelines
Data Provider	Classify and control data access	Classify and apply access controls to data used by AI systems, including retrieval (RAG) sources

AI Application layer

SRF Persona	SRF Responsibility	Candidate NICE Task
Application Developer	Defend against prompt injection	Implement and test input validation and prompt-injection defenses for AI application interfaces
Application Developer	Control output and data leakage	Implement output filtering and data-loss-prevention controls for AI application responses
Application Developer	Configure and maintain guardrails	Configure, test, and maintain application-layer guardrails and content controls
Application Developer	Securely integrate models and platform services	Securely integrate AI models and platform services, including credential and data-access management

AI Platform layer

SRF Persona	SRF Responsibility	Candidate NICE Task
AI Platform Provider	Enforce tenant isolation	Design and verify tenant isolation controls for multi-tenant AI platforms
AI Platform Provider	Provide platform security telemetry	Implement platform-level security telemetry and logging for AI workloads
AI Platform Provider	Define platform incident-response boundaries	Define and document platform security responsibilities and incident-response SLAs
Agentic Platform / Framework Provider	Mediate agent tool invocation	Implement controls that mediate agent tool invocation and authorize external actions
Agentic Platform / Framework Provider	Establish agent identity and secure inter-agent comms	Establish agent identity, authentication, and secure inter-agent communication mechanisms
Agentic Platform / Framework Provider	Provide human override/escalation	Design human-in-the-loop override and escalation controls appropriate to the agent's autonomy level

AI Model Provider layer

SRF Persona	SRF Responsibility	Candidate NICE Task
Model Provider	Document provenance, training-data lineage, evaluations, intended use	Produce and maintain model documentation (model cards) capturing provenance, training-data lineage, evaluation results, and intended-use constraints
Model Provider	Harden base models against adversarial manipulation and theft	Assess and harden foundation models against adversarial evasion, model extraction, and inversion attacks
Model Provider	Disclose model versions and known vulnerabilities	Publish and maintain model version and vulnerability disclosures for downstream consumers
Model Provider	Protect model weights and artifacts	Implement integrity, signing, and access controls protecting model weights and artifacts across the supply chain
AI Model Serving	Secure inference endpoints	Secure model-serving and inference endpoints, including authentication, rate limiting, and abuse detection
AI Model Serving	Enforce served-artifact integrity	Validate the integrity and provenance of served model artifacts at deployment

Part B — Strawman

Proposed Work Role Category: Artificial Intelligence Security

A category grouping the Work Roles that secure AI systems across the stack. The five candidate roles below cluster the Part A Tasks by the human capability needed to perform them — deliberately collapsing the SRF's organizational personas into roles a single person could plausibly hold. Knowledge and Skill statements are first-pass seeds for NICE to refine through its community and public-comment process.

Work Role 1

AI Security Governance & Assurance Lead

Area of responsibility: Accountability, risk acceptance, assurance, and incident coordination for AI systems.

Illustrative Tasks

Accountability mapping and risk register · acceptable-risk and autonomy authorization · AI incident-response coordination · evidence and audit definition · vendor and contract assurance

Knowledge (seed)

NIST AI RMF ISO/IEC 42001 Shared-responsibility models AI assurance & audit EU AI Act Sector regulation

Skills (seed)

AI accountability / RACI mapping Evidence requirements AI vendor security assessment

Work Role 2

AI Data Security Steward

Area of responsibility: Security and integrity of data used by AI systems. Candidate to extend existing data-security roles rather than stand fully alone.

Illustrative Tasks

Data provenance and lineage · data-poisoning defense · classification and access control for AI and RAG data

Knowledge (seed)

Data poisoning attack vectors Provenance & lineage tooling Data governance RAG security

Skills (seed)

AI data-integrity risk assessment Provenance tracking AI data access controls

Work Role 3

AI Application Security Engineer

Area of responsibility: Security of applications built on AI models — interface, integration, and runtime controls.

Illustrative Tasks

Input validation and prompt-injection defense · output filtering and DLP · guardrail configuration and testing · secure integration of models and platform services

Knowledge (seed)

OWASP LLM Top 10 MITRE ATLAS LLM app patterns (RAG, tool use, agents) AI-adapted secure SDLC

Skills (seed)

Prompt-injection defense & testing Guardrail validation AI application red-teaming

Work Role 4

AI Platform & Agentic Runtime Security Engineer

Area of responsibility: Security of the platform and agent runtime — isolation, mediation, identity, and telemetry.

Illustrative Tasks

Tenant isolation · platform security telemetry · agent tool-invocation mediation · agent identity and inter-agent communication security · human override/escalation controls

Knowledge (seed)

Multi-tenant isolation Agent frameworks & orchestration Agent identity & authorization AI security telemetry schemas

Skills (seed)

Tenant isolation verification Agent action authorization Agentic telemetry instrumentation

Work Role 5

AI Model Security Engineer

Area of responsibility: Security of the model itself and its serving path — robustness, integrity, provenance, and secure inference.

Illustrative Tasks

Model documentation / cards · adversarial hardening · model artifact integrity and supply-chain protection · inference-endpoint security · served-artifact integrity validation

Knowledge (seed)

Foundation model & ML architectures Adversarial ML (evasion, extraction, inversion) Model provenance & attestation Secure MLOps

Skills (seed)

Adversarial robustness testing Model artifact signing & integrity Inference endpoint security

Cross-cutting note — AI System Users. The SRF's end-user responsibilities (recognizing limitations, reporting anomalies) are best handled as AI-related TKS added to existing general-workforce and security-awareness roles, not as a dedicated Work Role.

Existing roles

NICE Work Roles to update with AI-related TKS

Many SRF responsibilities extend disciplines that already have NICE Work Roles. These roles gain AI-specific Task, Knowledge, and Skill statements rather than warranting entirely new roles.

Secure Software Development

Add AI application-security Tasks: prompt-injection defense, guardrails, output controls.
Security Architecture / Systems Security Engineering

Add AI model- and platform-security architecture Tasks: isolation, agent mediation, model integrity.
Systems Security Analysis / Vulnerability Analysis

Add adversarial-ML testing and AI red-teaming.
Incident Response

Add AI-specific handling: prompt-injection events, model compromise, agent boundary violations.
Risk Management / Authorizing Official

Add AI risk and autonomy-level authorization.
Data Security / Data Governance

Add AI data provenance and poisoning defense — where Work Role 2 Tasks may land if not stood up independently.

The agentic case

Net-new work introduced by agentic AI

The strongest justification for a new Work Role Category is the SRF's agentic content: autonomy levels L0–L5, tool-invocation mediation, agent identity, inter-agent communication, and human-override design. This describes work that has no clear home in current NICE Work Roles.

Unlike application or platform security — which extend existing disciplines — securing autonomous agent behavior is a genuinely new task family. This is the strongest case for the new category and, potentially, for a dedicated agentic-AI security Work Role within it. The SRF can supply the initial Task inventory for that role.

Scope

Security of AI vs. Security through AI

Covered by the SRF

Security of AI

Securing AI systems — the models, platforms, applications, data, and governance structures. The SRF informs this dimension thoroughly and can supply Task inventory for all five proposed Work Roles.

Not covered by the SRF

Security through AI

Using AI to perform cybersecurity work — AI-assisted detection, analysis, or response. NICE's broader AI effort includes this dimension, but it needs different source material. The SRF is largely silent here.

This mapping is analytical input intended for NICE's consideration. The CoSAI AI SRF (OASIS Open Project, Workstream 2, v1.0 approved May 2026) and the NICE Workforce Framework for Cybersecurity (NIST SP 800-181 Rev. 1) are independent works; this alignment is not a formal position of either body.